Troubleshooting Active Directory/LDAP server issues

Vigor Router supports using an Active Directory server or LDAP server to authenticate VPN clients or LAN clients. However, it is not easy to get the right configurations in the beginning because there are various Active Directory/LDAP servers' structures. This document provides some tips on troubleshooting LDAP issues.

Verify the Active Directory/LDAP account by Ldp tool

To check if the user accounts are created correctly on the Active Directory/LDAP server, we can use the Ldp tool, which is included in the support package provided by Microsoft.

The steps are:

  1. Download the ldp tool here.
  2. Unzip the file and run ldp.exe
  3. Connect to the Active Directory/LDAP server
  4. a screenshot of Ldp Tool
  5. Send a Bind Request.
    1. Click Bind under Connection
    2. Enter the User name, such as cn=vivian,ou=vpnusers,dc=draytek,dc=com
    3. Enter the Password
    4. Click OK
  6. a screenshot of Ldp Tool
  7. The server will respond to the result of the Bind Request.
    1. If the server responds Bind Failed and Invalid Credentials, that means the account or the password is not correct. Please recheck the user settings on the server.
    2. a screenshot of Ldp Tool
    3. If the server responds Authenticated,it means the binding is successful, and we can move forward to the next step. 
    4. a screenshot of Ldp Tool

Verify the Active Directory/LDAP settings on Vigor Router

1. Use Simple mode to verify if Vigor Router can bind the user account that has been tested with the Ldp tool successfully first.

a screenshot of DrayOS LDAP settings

2. Check if cn is configured for Common Name Identifier, and use the user account without cn=vivian that has been authenticated by LDAP server with Ldp tool for Base Distinguished Name.

a screenshot of DrayOS LDAP settings

3. Verify by creating a VPN connection. For the detailed steps, please refer to Authenticate Remote Dial-In VPN Clients with AD/LDAP Server

Contacting Support

If Simple Bind by LDP tool works but VPN still cannot pass the Active Directory/LDAP authentication, please provide the information below and then email them to [email protected] for our analysis.

Published On:2017-11-07 

Was this helpful?